/**
 * Renders the effective CsrfGuard configuration as a multi-line, CRLF-terminated
 * banner: the core properties first, then one line per configured action with its
 * parameters indented beneath it.
 *
 * @return the formatted configuration dump
 */
@Override
public String toString() {
    final String eol = "\r\n";
    final String rule = "*****************************************************" + eol;

    StringBuilder out = new StringBuilder(eol).append(rule);
    out.append("* Owasp.CsrfGuard Properties").append(eol);
    out.append("*").append(eol);
    appendProperty(out, "Logger", getLogger().getClass().getName(), eol);
    appendProperty(out, "NewTokenLandingPage", getNewTokenLandingPage(), eol);
    appendProperty(out, "PRNG", getPrng().getAlgorithm(), eol);
    appendProperty(out, "SessionKey", getSessionKey(), eol);
    appendProperty(out, "TokenLength", getTokenLength(), eol);
    appendProperty(out, "TokenName", getTokenName(), eol);
    appendProperty(out, "Ajax", isAjaxEnabled(), eol);
    appendProperty(out, "Rotate", isRotateEnabled(), eol);
    appendProperty(out, "TokenPerPage", isTokenPerPageEnabled(), eol);

    for (IAction configuredAction : actions) {
        appendProperty(out, "Action", configuredAction.getClass().getName(), eol);
        // parameters are looked up individually rather than read from the map values
        for (String parameterName : configuredAction.getParameterMap().keySet()) {
            out.append("*\tParameter: ")
               .append(parameterName)
               .append(" = ")
               .append(configuredAction.getParameter(parameterName))
               .append(eol);
        }
    }

    out.append(rule);
    return out.toString();
}

/** Appends one {@code "* Label: value"} line; {@code value} is rendered with {@code %s} semantics. */
private static void appendProperty(StringBuilder out, String label, Object value, String eol) {
    out.append("* ").append(label).append(": ").append(String.valueOf(value)).append(eol);
}
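/**
 * Writes a small HTML page whose script builds a form and immediately POSTs the
 * browser to the new-token landing page.
 *
 * The landing page is {@code getNewTokenLandingPage()} when configured, otherwise the
 * request's context path followed by its servlet path. The CSRF token is added as a
 * hidden field only when the landing page is itself a protected page.
 *
 * Values interpolated into the script are escaped for a JavaScript string-literal
 * context, and the body is encoded explicitly as UTF-8 so that the advertised
 * charset and the Content-Length byte count agree.
 *
 * @param request  current request; supplies the default landing page and the token value
 * @param response response the auto-posting form is written to
 * @throws IOException if the response body cannot be written
 */
public void writeLandingPage(HttpServletRequest request, HttpServletResponse response) throws IOException {
    String landingPage = getNewTokenLandingPage();

    /* default to current page */
    if (landingPage == null) {
        landingPage = request.getContextPath() + request.getServletPath();
    }

    /* create auto posting form */
    StringBuilder sb = new StringBuilder();
    sb.append("<html>\r\n");
    sb.append("<head>\r\n");
    sb.append("<title>OWASP CSRFGuard Project - New Token Landing Page</title>\r\n");
    sb.append("</head>\r\n");
    sb.append("<body>\r\n");
    sb.append("<script type=\"text/javascript\">\r\n");
    sb.append("var form = document.createElement(\"form\");\r\n");
    sb.append("form.setAttribute(\"method\", \"post\");\r\n");
    // the servlet path is request-derived and the configured landing page is free-form
    // text; neither is guaranteed free of quotes or backslashes, so escape for the
    // double-quoted JS literal it lands in
    sb.append("form.setAttribute(\"action\", \"");
    sb.append(escapeJsString(landingPage));
    sb.append("\");\r\n");

    /* only include token if needed */
    if (isProtectedPage(landingPage)) {
        sb.append("var hiddenField = document.createElement(\"input\");\r\n");
        sb.append("hiddenField.setAttribute(\"type\", \"hidden\");\r\n");
        sb.append("hiddenField.setAttribute(\"name\", \"");
        sb.append(escapeJsString(getTokenName()));
        sb.append("\");\r\n");
        sb.append("hiddenField.setAttribute(\"value\", \"");
        sb.append(escapeJsString(getTokenValue(request, landingPage)));
        sb.append("\");\r\n");
        sb.append("form.appendChild(hiddenField);\r\n");
    }

    sb.append("document.body.appendChild(form);\r\n");
    sb.append("form.submit();\r\n");
    sb.append("</script>\r\n");
    sb.append("</body>\r\n");
    sb.append("</html>\r\n");

    String code = sb.toString();

    /* setup headers */
    // Content-Length is a byte count, so encode first with the same charset that the
    // Content-Type header declares (the char count is only correct for pure ASCII)
    byte[] body = code.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    response.setContentType("text/html; charset=UTF-8");
    response.setContentLength(body.length);

    /* write auto posting form */
    OutputStream output = null;
    try {
        output = response.getOutputStream();
        output.write(body);
        output.flush();
    } finally {
        Streams.close(output);
    }
}

/**
 * Escapes {@code value} for use inside a double-quoted JavaScript string literal that
 * is embedded in an HTML script block. Backslashes, both quote characters, control
 * characters, the Unicode line terminators and the HTML-significant {@code <}, {@code >}
 * and {@code &} are emitted as {@code \\uXXXX} escapes so that the literal can neither
 * be broken out of nor close the surrounding {@code <script>} element.
 *
 * @param value text to escape; {@code null} is rendered as the string {@code "null"},
 *              matching {@link StringBuilder#append(String)}
 * @return the escaped text
 */
private static String escapeJsString(String value) {
    String text = String.valueOf(value);
    StringBuilder escaped = new StringBuilder(text.length() + 16);
    for (int i = 0; i < text.length(); i++) {
        char c = text.charAt(i);
        boolean needsEscape = c == '\\' || c == '"' || c == '\'' || c == '<' || c == '>'
                || c == '&' || c < 0x20 || c == '\u2028' || c == '\u2029';
        if (needsEscape) {
            escaped.append(String.format("\\u%04x", (int) c));
        } else {
            escaped.append(c);
        }
    }
    return escaped.toString();
}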